The Secret of EC0-349 exam question

It is impossible to pass the EC-Council EC0-349 exam in the short term without any help. Come to Ucertify soon and find the most advanced, correct and guaranteed EC-Council EC0-349 practice questions. You will get a surprising result with our Rebirth Computer Hacking Forensic Investigator practice guides.

2021 Jan EC0-349 real exam

Q31. When investigating a potential e-mail crime, what is your first step in the investigation? 

A. Determine whether a crime was actually committed 

B. Trace the IP address to its origin 

C. Recover the evidence 

D. Write a report 


Q32. When using Windows acquisition tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to 

A. avoid copying data from the boot partition 

B. automate collection from image files 

C. prevent contamination to the evidence drive 

D. acquire data from the host-protected area on a disk 


Q33. John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that? 

A. Firewalk cannot pass through Cisco firewalls 

B. Firewalk sets all packets with a TTL of zero 

A. Enable direct broadcasts 

B. Disable direct broadcasts 

C. Disable BGP 

D. Enable BGP 


Q34. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact local law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject's computer. You inform the officer that you will not be able to comply with that request because doing so would: 

A. cause network congestion 

B. write information to the subject's hard drive 

C. violate your contract 

D. make you an agent of law enforcement 


Q35. In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court? 

A. chain of custody 

B. law of probability 

C. rules of evidence 

D. policy of separation 


Up to the minute EC0-349 testing engine:

Q36. If you plan to start up a suspect's computer, you must modify the ________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive. 

A. Scandisk utility 

B. deltree command 


D. Boot.sys 


Q37. When conducting computer forensic analysis, you must guard against ________ so that you remain focused on the primary job and ensure that the level of work does not increase beyond what was originally expected. 

A. scope creep 

B. unauthorized expenses 

C. hard drive failure 

D. overzealous marketing 


Q38. What does the acronym POST mean as it relates to a PC? 

A. Pre Operational Situation Test 

B. Power On Self Test 

C. Primary Operating System Test 

D. Primary Operations Short Test 


Q39. When obtaining a warrant it is important to: 

A. generally describe the place to be searched and generally describe the items to be seized 

B. generally describe the place to be searched and particularly describe the items to be seized 

C. particularly describe the place to be searched and particularly describe the items to be seized 

D. particularly describe the place to be searched and generally describe the items to be seized 


Q40. What is the name of the standard Linux command that is also available as a Windows application that can be used to create bit-stream images? 

A. mcopy 

B. image 

C. dd 

D. MD5 

